Friday, May 27, 2011

The Task List is a standard JSR-168 portlet that allows you to check the ToDo tasks and take actions on those. Since the task list is a WSRP portlet producer application, it must be deployed on a managed server configured as a portlet container, such as WC_Portlet.
The objective of this post is to have a Cookbook format. The same steps can be found in Oracle’s documentation, except for some caveats and images that should smooth the process.

Steps

The picture above describes the deployment architecture as well as some basic interaction between the involved managed servers. Please notices that we have two different domains in the picture.

Deploying Task List Portlet
1. Because the task list portlet producer application uses the deployed library oracle.soa.workflow.wc, you must confirm that the library is targeted to the Oracle WebLogic Server portlet managed server.

a. Log in to Oracle WebLogic Server Administration Console.
b. Go to Deployments &gt; oracle.soa.workflow.wc &gt;Targets.
c. See if WLS_Portlet is checked. If not, check it and save your updates.

2. In WebCenter PS3 there’s a shared lib issue. You also need to deploy rules.jar as a shared library in WC_Portlet. You can find rules.jar under &lt;JDEV_INSTALL&gt;/jdeveloper/soa/modules/oracle.rules_11.1.1/rules.jar.

The next step is to configure the remote JNDI providers on WebCenter. As mentioned before, the task list portlet bring the info from SOA server through remote EJB calls.

a. Click New. In the Name field, enter ForeignJNDIProvider-SOA, target it to WC_Portlet, and click OK.
b. Click the ForeignJNDIProvider-SOA link and enter the values in the table below.

Initial Context Factory

weblogic.jndi.WLInitialContextFactory

Provider URL

t3://[soa_hostname]:[port]/soa-infra

User

weblogic

Password

Enter weblogic password.

Confirm Password

Password confirmation.

2. Click the Links tab. Under Foreign JNDI Links, click New. Now enter the same values on the table below to Name, Local JNDI Name, and Remote JNDI Name.

RuntimeConfigService

ejb/bpel/services/workflow/TaskServiceBean

ejb/bpel/services/workflow/TaskMetadataServiceBean

TaskReportServiceBean

TaskEvidenceServiceBean

TaskQueryService

UserMetadataService

Configuring EJB Identity Propagation

We’ll start by enabling global trust. Log in to the WLS Adm Console for WebCenter.

On the left side of the page, click on Domain &gt; Security &gt; Advanced and modify the domain credentials.

Log in to the SOA server Admin Console and modify the domain credentials to the same password as entered for WebCenter.Regarding application authorization, the same user logged-in to the Spaces application must be present in the Porlet and SOA identity stores, or the three servers could point to the same identity store. For this post we have OID setup as the common identity store. For more info please see Oracle doc.

c. Enter the details for keystore management and identity certificates as shown below.

d. Click OK.

e. Restart WC_Portlet and AdminServer in the WebCenter domain.

f. Follow the same steps starting at b, but now for the SOA domain. To make your life easier we’ll use the same default-keystores.jks file, which means that you don’t need to run the keytool command again.

Monday, May 23, 2011

While using your WebCenter Portal application, users may encounter situations where a Space would be useful to help them complete a particular task. In such cases, it would be much less disruptive to remain within the context of the current application, rather than having to switch to the WebCenter Spaces application. To this end, WebCenter Spaces provides access to a subset of its Space functionality through several APIs. Using these APIs, you can integrate powerful Space functionality into your WebCenter Portal application.
You can use WebCenter Spaces APIs to:

Create and manage Spaces and Space templates. You can create and delete Spaces, and add custom attributes. For more information, see (WebCenter Developer's Guide) Section 50.2.5.1, "Managing Spaces and Space Template."Manage Space membership.

You can add and remove Space members. For more information, see (WebCenter Developer's Guide) Section 50.2.5.2, "Managing Space Membership."

Retrieve information about Spaces and Space templates. For example, you can retrieve the WebCenter Spaces URL or the URL of a specific Space. You can also retrieve Space and Space template metadata. For more information, see (WebCenter Developer's Guide) Section 50.2.5.3, "Retrieving Information for Spaces and Space Templates."

WebCenter Spaces APIs are contained within several classes. For more information on the different classes with descriptions on the purpose of the APIs within each class, see Table 50-1 in the WebCenter Developers Guide. In this post I will explain how to set up your portal application, and how to prepare your environment to support using the WebCenter Spaces APIs.

The first step describes the administrator tasks required to configure WS-Security for WebCenter Spaces so that the communication between the an application exposing WebCenter Spaces APIs (the client) and WebCenter Spaces (the producer) is secure, and that the identity of the user invoking the APIs is protected. In this section I will give examples of only the actual commands. If you would like more information on each of the command arguments are, please see Section 32 in the WebCenter Administration Guide.

Creating the WebCenter (Producer) Domain Keystore

To create and manage the keys and certificates in the JKS, use the keytool utility that is distributed with the Java JDK 6. Using keytool, generate a key pair:

Note: If you are deploying your application to the same domain, you do not have to create the client keystore and keys. However, if the client is in a different domain, for example, testing your application in JDeveloper embedded WebLogic Server, you will need to do the next steps.

Once that is done you should have created 2 keystores, (producer) webcenter.jks (alias=webcenter) and (client) external_webcenter_custom.jks (alias=external_webcenter_custom). Pay close attention to the client alias name. This name is important as it will be used as a parameter in Spaces API code. The next steps are to register the keystores with both the WebCenter domain and JDeveloper (client) domain. This is a 2 step process. The first step is to modify the jps-config,xml and then use WLST to update the security credentials. Note before doing any of the proceeding modifications, be sure to BACK UP both the jps-config.xml and the cwallet.sso files.

Register Keystore in WebCenter (producer) Domain

Copy the keystore that you created for the WebCenter domain (webcenter.jks) to the fmwconfig directory. This directory is located in the [Oracle_Home]/user_projects/domains/[wc_domain]/config directory. In the same directory, open the jps-config.xml in a text editor. In this file, locate the "serviceInstance" node for the keystore.provider Provider: Update the "location" property for the new file name (i.e ./webcenter.jks).

Copy the keystore that you created for the JDeveloper domain (external_webcenter_custom.jks) to the fmwconfig directory. This directory is located in the [JDeveloper_sys_home]/DefaultDomain/config directory. For example, on my systems this location is:

In the same directory, open the jps-config.xml in a text editor. In this file, locate the "serviceInstance" node for the keystore.provider Provider: Update the "location" property for the new file name (i.e ./external_webcenter_custom.jks).

Once you have completed the above steps there are commands that can enable you to check to see if everything is setup correctly (i.e. the alias names match to the correct domain). For checking the credentials, run the following from WLST:

One final important note. In order for the client code to work, you must also have a security token to provide the user. This can be accomplished by enabling ADF security on the application, which is invoking the Spaces API code.

Recently I received a request to create a task flow, which would be able to programmatically set security permissions to a (Spaces) group space page. Of course WebCenter Spaces OOTB already has a supporting UI (from the Manage Page Link) for this task. However, whatever the requirement is for enabling this functionality, it is good to know that there is a public API to code against. You can view the documentation here.

In this example, since I need to interact with the Page Service, I need to create an instance of the Service:

In this code fragment mScope contains the MDS based information of the particular group space. For example, in this example:

Scope[name=MyGroupSpace, guid=s6dbba758_c69f_4602_af4d_0834b84b3dde]

There are also 2 methods that will enable the extraction of useful information about the scope itself. One is the getName(), which return the group space name, and the other getGUID(), which returns the unique id of the group space location in MDS. These methods are great for deriving code, which can be use to pass as parameters of certain methods. Later on I will give an example of this to find the "path" of the page I want to add security on. Once I have established the page service, I can now create code to complete my use case:

There are 2 steps actually in getting this to work correctly. The first step is that the page permission must be set to use "CustomPagePermission" page security. The default is "PagePermission". This is achieved by using the changePagePermisssion(). The next step is to set the new grants by using the grantPagePermission(). This method takes as its parameters, the page "path" (notice how I use the scope methods to help me create the page path), and grantee name (either a user or group, which has been defined in ldap provider, for example) , and the new permission(s), a String that has the values separated by commas. Valid values are: manage, update, delete, personalize, view.

After invoking the code, I can query the PageSecurity Manager to check my policy updates:

Friday, May 13, 2011

Introduction

Configuring a new portal site is easy, right?! However this statement is probably made by someone who knows his way around.To ease this process the development team can assist there portal administrators by introducing LoV (List of Values) for the available taskflows. This applies to new and existing taskflow, yes you can add List of Values to existing taskflows.There is following types of LoV:

Static LOV To display a list of predefined values.

Dynamic LOV To display a list of values generated by evaluating an EL value that is computed when the page is run.

Global LOV To display a global list of values that can be used in any task flow in the application.

Picker To display all values in a picker format, for example, a document picker.

This post will only go through a Static example, however the other options are straight forward.

Configuration

Assume following scenario to understand the context:Step one create a new WebCenter Portal Project, add a desired navigation, add few pages, make sure they are customizable and support composer. All pages will be empty so the administrator has to add the taskflow using the Runtime administration and edit the page.It will look something like this:The parameters now are open text boxes that is completely open, even though we declared them mandatory, one problem here is that we cannot guarantee the value the user will enterThere is an remedy for this, by using the new Oracle Composer extension file, pe_ext.xmlWe are now going to introduce LoV for parameters Colour and Language parameter, the process below can be repeated for any taskflow, new or existing.Create new XML file called pe_ext.xml under Portal\adfmsrc\META-INFAdd following xml chunk:

Tuesday, May 10, 2011

If you are currently developing a Human Task you might have wasted some time testing and redeploying your application many times. You also might have been remote debugging it, which takes quite some time due to the unresponsiveness of your remote WLS.The steps I describe below will make your BPM Workspace application point to the Human Task running inside the Integrated WLS in JDeveloper, which means that for any changes done in the UI layer you will only need to refresh the browser to see it or rebuild a Java class to get it reflected on the business layer. Kudos go to the BPM Product Management team that has put this ant script together, I’m just making the setup process more clear.

Setup

1. Open $JDEV_DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml and add the following grant for BPM. $JDEV_DOMAIN_HOME is usually located under C:\Users\<username>\AppData\Roaming\JDeveloper\system11.1.1.4.37.59.23\DefaultDomain. C:\Oracle\Middleware is where JDeveloper is installed ($JDEV_HOME).